XPost: linux.debian.devel.release

severity 1106303 serious
thanks

On Thu, Jul 31, 2025 at 11:35:28AM +0200, Emilio Pozuelo Monfort wrote:

On 31/07/2025 00:05, Adrian Bunk wrote:

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:openjdk-25
User: [email protected]
Usertags: rm

We are shipping (and security-supporting) an early-access
pre-release of a non-default OpenJDK in trixie at the moment.

Is this really intentional?

I think so. OpenJDK 25 is a LTS release, and will be released in September. It can be updated in a point release, and then be security supported for trixie's lifetime.

At the very minimum, we should ship a package which builds from source (see #1106303).

If this is not possible, I would expect at least to acknowledge the
problem and not try to hide it (see #1109759).

I can't use trixie-can-defer myself because I'm not a Release Manager,
but I'm fixing the severity myself with this message.

Please either unblock the current package in unstable so that it can
migrate to testing, or apply the trixie-can-defer tag to #1106303 as I requested in #1109759 (in my opinion, shipping packages which build
from source is always better).

Thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.devel.release

On Thu, Jul 31, 2025 at 11:35:28AM +0200, Emilio Pozuelo Monfort wrote:

On 31/07/2025 00:05, Adrian Bunk wrote:

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:openjdk-25
User: [email protected]
Usertags: rm

We are shipping (and security-supporting) an early-access
pre-release of a non-default OpenJDK in trixie at the moment.

Is this really intentional?

I think so. OpenJDK 25 is a LTS release, and will be released in September. It can be updated in a point release, and then be security supported for trixie's lifetime.

Is there a commitment from someone to provide DSAs for the next 3 years?
That's around a dozen DSAs.

The normal way to provide future features to stable users would be
through trixie-backports.[1]

Emilio

cu
Adrian

[1] Bootstrapping could be done by preparing 25~32ea-1~bpo13+1 right now,
building the binaries now in unstable (or trixie) porterbox chroots,
and uploading these together with the sources when trixie-backports opens.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.devel.release

Hi Emilio, hi Adrian,

On Thu, Jul 31, 2025 at 11:35:28AM +0200, Emilio Pozuelo Monfort wrote:

On 31/07/2025 00:05, Adrian Bunk wrote:

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:openjdk-25
User: [email protected]
Usertags: rm

We are shipping (and security-supporting) an early-access
pre-release of a non-default OpenJDK in trixie at the moment.

Is this really intentional?

I think so. OpenJDK 25 is a LTS release, and will be released in September. It can be updated in a point release, and then be security supported for trixie's lifetime.

TTBOMK, the situation is as you describe (and is quite similar to what
we had back in bullseye):

At trixie release point we have *both* openjdk-21 (which is a LTS
release) and openjdk-25.

Security supported is in the beginning just opendjdk-21. Once
openjdk-25 is released as GA and will be another LTS release, it can
be covered as well with updates.

Moritz and Matthias can comment more detailed on this.

Regards,
Salvatore

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)